Legitimate Interests Assessment
Under Article 6(1)(f) of UK GDPR, personal data can be processed where it is necessary for a legitimate interest pursued by the controller or a third party, unless that interest is overridden by the interests, rights or freedoms of the data subject. Where we rely on this basis, UK GDPR requires us to carry out a balancing test — commonly called a Legitimate Interests Assessment (LIA).
This document sets out those assessments for each processing activity where we rely on legitimate interests. Each assessment applies the three-part test recommended by the Information Commissioner's Office: the purpose test (what is the legitimate interest?), the necessity test (is processing necessary for that purpose?), and the balancing test (do data subjects' rights override ours?).
This assessment was last reviewed in May 2026. We review it whenever we change how we use personal data, when the service changes materially, or when regulatory guidance is updated. It should be read alongside our Privacy Policy.
Processing activities assessed
The following activities rely on legitimate interests as their lawful basis:
- Platform security monitoring and fraud prevention
- Usage analytics and service improvement
- Service communications to institution contacts
- Technical support and troubleshooting
- General business operations and record-keeping
All other processing activities we carry out rely on different lawful bases — principally performance of a contract, compliance with a legal obligation, or explicit consent. Those bases are described in the Privacy Policy.
Security monitoring and fraud prevention
Purpose test
We have a legitimate interest in maintaining the integrity and security of the platform — protecting it from unauthorised access, credential abuse, fraudulent bursary applications, and other misuse. This interest is shared by the institutions that trust us with their students’ financial data, and by the students themselves.
The interest is real and substantial. The platform holds sensitive financial eligibility data for young people, and a breach or fraud event would have serious consequences for institutions, students and for us as a business.
Necessity test
Security monitoring necessarily involves processing personal data: server logs record IP addresses, user identifiers and action timestamps; authentication systems log login attempts and failures; and anomaly detection requires comparing current activity patterns against historical baselines. There is no way to achieve the security objective without this processing.
Balancing test
Users of a platform that handles sensitive financial data would reasonably expect security monitoring to be in place. The processing does not involve particularly invasive analysis of content — it is focused on metadata (who accessed what, when, from where) rather than the substance of applications. Users retain all their rights under UK GDPR.
The processing is proportionate: log data is retained for no longer than twelve months and is used only for security and operational purposes. Access to security logs is restricted to authorised personnel. We do not use this data for commercial profiling or share it with third parties for their own purposes.
Assessment: Our legitimate interest in security monitoring is not overridden by data subjects’ interests. The processing is expected, proportionate, and subject to appropriate safeguards.
Usage analytics and service improvement
Purpose test
We have a legitimate interest in understanding how the platform is used so that we can identify technical problems, improve usability, and develop features that better serve institutions and students. Running a software service without any understanding of how it is used would make it impossible to improve.
Necessity test
Some processing of personal data is necessary to understand usage patterns — for example, knowing which pages users visit, where they encounter errors, and how long typical journeys take. We anonymise or aggregate this data where possible, and we do not build individual behavioural profiles for this purpose.
Balancing test
Users of software platforms broadly expect that usage data is collected to improve the service. The data is used in a way that directly benefits users — a better, more reliable product. It is not shared with third parties for their own purposes and is not used for advertising or commercial profiling.
The impact on data subjects is low: the processing is focused on patterns rather than individual behaviour, and we apply aggregation and anonymisation where it can be achieved without compromising the analytical purpose.
Assessment: Our legitimate interest in improving the service is not overridden by data subjects’ interests. The processing is limited, proportionate, and used only to benefit users of the platform.
Service communications to institution contacts
Purpose test
We have a legitimate interest in communicating with staff and administrators at institutions that use our platform, to inform them of changes to the service, new features, or guidance relevant to administering the 16–19 Bursary Fund. These are professional contacts with whom we have an existing relationship, and the content we send is directly relevant to their use of the platform.
Necessity test
Email is the practical channel for this communication; the institutional contacts we communicate with are professionals who use email as their primary communication tool. The processing of their contact details for this purpose is necessary to achieve it.
Balancing test
The people we contact are professional users of the platform, acting in their employment capacity. They would reasonably expect to receive communications about a service they are responsible for managing. We do not send marketing to students. The content is always relevant — we do not send generic promotions or share contact details with third parties for marketing.
Opt-out is straightforward: any communication includes an unsubscribe mechanism, and recipients can also opt out at any time by contacting us directly.
Assessment: Our legitimate interest in communicating service-relevant information to professional platform users is not overridden by their interests. The relationship is professional, the content is relevant, and opt-out is easy.
Technical support and troubleshooting
Purpose test
We have a legitimate interest in being able to diagnose and resolve technical issues to maintain the quality of the service. When a user reports a problem, our support staff may need to examine account data or logs to replicate and fix it. This is incidental access for a specific, limited purpose.
Necessity test
It is not possible to diagnose certain types of technical fault without examining account-level data. The alternative — providing support without any access — would mean we could not fulfil our contractual obligation to provide a working service.
Balancing test
Access for support purposes is limited to what is genuinely needed to resolve the reported issue. Support staff access is logged, and access to production data is restricted to a small number of authorised personnel. Users generally expect that a support team may need to look at their account to resolve a problem they have raised.
We do not use support access for any other purpose, and we do not retain notes from support interactions beyond what is operationally necessary.
Assessment: Our legitimate interest in providing technical support is not overridden by data subjects’ interests. Access is limited, purposive and restricted to authorised personnel.
Business operations and record-keeping
Purpose test
We have a legitimate interest in standard business administration — maintaining records of contracts, correspondence and service engagements, as any responsible business would. This includes retaining contact information for institutional counterparties and records of service agreements for legal and operational purposes.
Necessity test
Retaining business records requires processing the contact details of the individuals involved. There is no practical alternative to keeping some record of who we have contracted with and how to reach them.
Balancing test
The individuals whose data is processed in this context are acting in a professional capacity — they are not members of the public. They would reasonably expect their business contact details to be retained by service providers they have engaged. The data involved is limited to business contact information (name, job title, work email address) and records of contractual arrangements.
We do not use this data for any purpose beyond standard business administration, and we apply appropriate retention limits.
Assessment: Our legitimate interest in maintaining standard business records is not overridden by data subjects’ interests. The processing is limited to professional contact data and is consistent with reasonable business practice.
Your right to object
Under Article 21 of UK GDPR, you have the right to object to processing of your personal data where we rely on legitimate interests as the lawful basis. Where you object, we must stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or unless the processing is necessary for the establishment, exercise or defence of legal claims.
To exercise this right, please contact us using the details below. We will consider your objection and respond within one month. Where your objection relates to direct marketing (service communications to institution contacts), we will stop processing your data for that purpose without needing to weigh your objection against our interests — this is an absolute right.
Contact
To exercise your right to object, ask questions about this assessment, or request a copy of any specific assessment in more detail, please contact us:
Senha Ltd t/a myBursary
71–75 Shelton Street, Covent Garden, London WC2H 9JQ
Company No. 16718889 · Registered in England & Wales
ICO registration: ZC012206
Email: [email protected]